Jul 8

adversary group naming (noun) [Word Notes]

Please enjoy this encore of Word Notes. A cyber threat intelligence best practice of assigning arbitrary labels to collections of hacker activity across the intrusion kill chain.

10m 17s

Jul 3

Brushed aside: The subtle scam you didn't order.

This week, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠Dave Bittner⁠⁠, ⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making ... Show More

44 m

Jul 1

The RMM protocol: Remote, risky, and ready to strike. [Only Malware in the Building]

Please enjoy this encore of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠Selena Larson⁠⁠, ⁠⁠Proofpoint⁠⁠ intelligence analyst and ho ... Show More

41m 25s

Feb 2025

Live from Orlando, it's Hacking Humans! [Hacking Humans]

In this special live episode of Hacking Humans, recorded at ThreatLocker’s Zero Trust World 2025 conference in Orlando, Florida, Dave Bittner is joined by T-Minus host Maria Varmazis. Together, they explore the latest in social engineering scams, phishing schemes, and cybercrimin ... Show More

30m 51s

Nov 2024

FBI fights fake news.

The FBI flags fake videos claiming to be from the agency. Okta patches an authentication bypass vulnerability. Microsoft confirms Windows Server 2025 Blue Screen of Death issues. Scammers exploit DocuSign’s APIs to send fake invoices that bypass spam filters. Hackers use smart co ... Show More

37m 54s

Nov 2021

Stealing from the best? An enigma in the criminal-to-criminal market. CISA’s holiday caution. Someone’s impersonating the SEC. Three weekend cyberattacks.

The Lazarus Group seems interested in learning from, by which they mean stealing from, some of the world’s leading state-sponsored cyber operators. Void Balaur remains an enigma, but it’s not the only player in the C2C market. CISA and the FBI warn all, but especially critical in ... Show More

21m 48s

Jun 20

A blast from the breached past.

An historic data breach that wasn’t. Aflac says it stopped a ransomware attack. Cloudflare thwarts a record breaking DDoS attack. Mocha Manakin combines clever social engineering with custom-built malware. The Godfather Android trojan uses a sophisticated virtualization technique ... Show More

31m 43s

Dec 2024

Buckets of trouble.

Researchers uncover a large-scale hacking operation tied to the infamous ShinyHunters. A Dell Power Manager vulnerability lets attackers execute malicious code. TikTok requests a federal court injunction to delay a U.S. ban. Radiant Capital attributed a $50 million cryptocurrency ... Show More

37m 20s

Dec 2024

Is Hawk Tuah Girl's cryptocurrency a scam?

Headlines: Women launch class action against BHP and Rio Tinto over alleged decades of sexual harassment, Anthony Albanese supports exclusion zones near houses of worship, Saudi Arabia chosen to host FIFA world cup, and HECS balances will be slashed from today. Deep Dive: A viral ... Show More

21m 48s

Dec 2024

Top Phishing Exploits fo 2024: Cyber Security Today for Friday, December 13, 2024

Top 5 Phishing Exploits of 2024: Abnormal Security Report and More | Cybersecurity Today In this episode of Cybersecurity Today, host Jim Love delves into Abnormal Security's end-of-year report outlining the top five phishing exploits of 2024 and their predictions for 2025. The e ... Show More

11m 39s

Aug 2024

Confidential or compromised?

The Trump campaign claims its email systems were breached by Iranian hackers. A Nashville man is arrested as part of an alleged North Korean IT worker hiring scam. At Defcon, researchers reveal significant vulnerabilities in Google’s Quick Share. Ransomware attacks hit an Austral ... Show More

30m 47s

Jan 2025

China’s shadow over U.S. telecom networks.

New reports shed light on both Volt and Salt Typhoons. Tenable updates faulty Nessus Agents and resumes plugin updates. A new infostealer campaign targets gamers on Discord. A fake version of a popular browser extension has been discovered stealing login credentials and conductin ... Show More

32m 41s

Sep 2024

U.S. rains on Russia’s fake news parade.

The DOJ disrupts Russia’s Doppelganger. NSA boasts over 1,000 public and private partners. The FBI warns of North Korean operatives launching “complex and elaborate” social engineering attacks. Iran pays the ransom to sure up their banking system. Cisco has disclosed two critical ... Show More

30m 22s

Not-so-real deals.